Add X509 certificate identity token authentication

Support authMode=cert alongside anonymous and user. The client reuses its application certificate as the X509 identity token (open62541 requires both to match). Server-side access control advertises the certificate token policy automatically when sessionPKI is configured.
author: Thomas Vanbesien <tvanbesi@proton.me> 2026-02-18 21:44:17 +0100
committer: Thomas Vanbesien <tvanbesi@proton.me> 2026-02-18 21:44:17 +0100
commit: deaabd1464784a6fddbfa9e1ac6cb0e1148a8c34 (patch)
tree: 93b6614e554db2e8c7ac0becfb0b8129ab49e141 /tests/secure_cert/server_register_client.conf
parent: 70381b3381d77845dbc04fd521b729b7098134a5 (diff)
download: BobinkCOpcUa-deaabd1464784a6fddbfa9e1ac6cb0e1148a8c34.tar.gz
BobinkCOpcUa-deaabd1464784a6fddbfa9e1ac6cb0e1148a8c34.zip
1 files changed, 13 insertions, 0 deletions
diff --git a/tests/secure_cert/server_register_client.conf b/tests/secure_cert/server_register_client.conf
new file mode 100644
index 0000000..7542bdf
--- /dev/null
+++ b/tests/secure_cert/server_register_client.conf
@@ -0,0 +1,13 @@
+# ServerRegister client config — test: secure_cert
+# Registers with the LDS (anonymous — LDS does not require cert auth).
+
+applicationUri = urn:localhost:bobink:ServerRegister
+
+certificate = certs/ServerRegisterClient_cert.der
+privateKey = certs/ServerRegisterClient_key.der
+trustStore = certs/trust/server_register_client
+
+securityMode = SignAndEncrypt
+securityPolicy = Basic256Sha256
+
+authMode = anonymous
author	Thomas Vanbesien <tvanbesi@proton.me>	2026-02-18 21:44:17 +0100
committer	Thomas Vanbesien <tvanbesi@proton.me>	2026-02-18 21:44:17 +0100
commit	deaabd1464784a6fddbfa9e1ac6cb0e1148a8c34 (patch)
tree	93b6614e554db2e8c7ac0becfb0b8129ab49e141 /tests/secure_cert/server_register_client.conf
parent	70381b3381d77845dbc04fd521b729b7098134a5 (diff)
download	BobinkCOpcUa-deaabd1464784a6fddbfa9e1ac6cb0e1148a8c34.tar.gz BobinkCOpcUa-deaabd1464784a6fddbfa9e1ac6cb0e1148a8c34.zip